NordVPN has thousands of servers across the world hosted with third-party data centers. One such server hosted with a Finland-based datacenter was unauthorizedly accessed on March 2018. NordVPN confirmed that the attackers successfully managed to steal three encryption keys responsible for protecting VPN users’ traffic routed through the compromised server. The company terminated the contract with the server provider and shredded all servers NordVPN had been renting from them. The keys were valid at the time of the breach and expired in October 2018, almost 7 months after the breach.
Source: https://thehackernews.com/2019/10/nordvpn-data-breach.html